Page MenuHomePhabricator

"View Source" link appears as "Edit" for autoconfirmed users (who cannot edit newsletters)
Closed, ResolvedPublic


This is a minor visual problem; clicking the link properly produces a permission error, but it says 'Edit'


Related Gerrit Patches:
mediawiki/extensions/Newsletter : masterRestricted Newsletter editing to "newsletter-manage" group.

Event Timeline

Pppery created this task.Dec 31 2016, 11:00 PM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptDec 31 2016, 11:00 PM

Will I ever stop finding new bugs?

Will I ever stop finding new bugs?

In general that's very unlikely. Welcome to the reality of software development. :P

Filip added a subscriber: Filip.Jan 1 2017, 3:27 PM
Qgil added a subscriber: Qgil.

Good catch. As a general principle, users should be presented labels / links according to their permissions, in order to avoid false expectations.

If a user cannot edit a newsletter, the label should be either "View source"+ link.

Filip claimed this task.Jan 14 2017, 3:14 PM
Filip removed a project: Google-Code-In-2016.
Filip added a comment.Jan 14 2017, 3:16 PM

GCI is over - we should do some cleanup.

Filip closed this task as Resolved.Jan 14 2017, 6:05 PM

Now all of Newsletter groups are only to sysop. Can't recreate this.

Pppery reopened this task as Open.Jan 16 2017, 5:19 PM
Pppery removed Filip as the assignee of this task.

This bug still exists, but was made impossible to test by the change of newsletter-create to sysop. The link still displays edit for a user with the newsletter-create right but not the newsletter-manage right, who cannot edit newsletters.

Change 332366 had a related patch set uploaded (by Filip):
Restricted Newsletter editing to "newsletter-manage" group.

Filip claimed this task.Jan 16 2017, 6:33 PM

Pppery: Hmm, thats rare case.

Change 332366 merged by jenkins-bot:
Restricted Newsletter editing to "newsletter-manage" group.

Filip closed this task as Resolved.Feb 4 2017, 9:45 PM

@Pppery @01tonythomas Admins can disable rights using newsletter-create: false now, do I think, we can close this :)

Qgil awarded a token.Feb 7 2017, 1:39 PM